IT
1. Malware-based attacks
Malware is a term used to describe malicious software such as spyware, ransomware, viruses, Adware, Fileless, Keyloggers, Trojan horses and worms. It breaches a network through a vulnerability. When a user clicks a dangerous link that installs risky software. Once malware is inside the system, it can do the following:
• It blocks access of the key components of the network
• Installs malware or additional harmful software
• It obtains information by transmitting data from the hard drive
• It disrupts components and renders the system inoperable
Worms
A worm is a malware that replicates itself across different computers. It moves around via a network. It rely on security failures to spread and steal data, set up backdoors and corrupt files.
Adware
Adware is malware that displays marketing content on a user device. It monitors user behavior then enables the malicious to "serve" better-targeted ads.
Fileless Malware
It goes after files native to the operating system. As there are no executables, it is very difficult to detect.
Ransomware
Ransomware is written to exploit vulnerabilities. It encrypts the target's workstation. It can be used to attack multiple parties by denying access to several computers or a central server essential to business operations.
Spyware
As the name suggests, this type of malware spies on user activities and sends data back to the hacker.
Keyloggers
Keyloggers track everything user type is sent to the hacker and can be used for blackmail or identity theft.
Trojans
Trojans horse hide inside a legitimate piece of software. For example, user might download what user think is antivirus software only to have user device infected.
Viruses:
Viruses attach to programs and files are triggered when user open them. Once active, a virus can self-replicate without user knowledge and slow down user device or destroy data. There move throughout network from one infected computer to the next, giving hackers remote access to entire system.
Prevent of malware attack:
• Use antivirus software against malware.
• Use firewalls to filter the traffic that may enter to the device.
• Avoid clicking on suspicious links.
• Update browsers regularly.
2. Phishing attacks
A phishing attack occurs when a cybercriminal sends user a fraudulent email, text called “smishing”, or phone call called “vishing”. It is a type of social engineering attack wherein an attacker act as a trusted contact and sends the fake mails.
Spear phishing attacks:
Spear phishing refers to a phishing attack where attacker takes time to research their intended targets and then write messages to the target. These types of attacks are called “spear” phishing because the attacker hones in on one specific target. The message seem to be legitimate due to that it is very difficult to spot a spear-phishing attack.
Whaling:
A whale-phishing attack goes after the “big fish” or whales of an organization. These individuals possess information such as proprietary information about the business or its operations. If they are targeted, they are more likely to pay the ransom to prevent news of the successful attack from getting out and damaging their reputation.
Angler phishing attacks:
An Angler attack is a new type of phishing scam in which a hacker “baits” users on social media by pretending to be a well-known company’s customer service account. Scammers create accounts and then auto-respond to relevant messages by providing a link for user to talk to a “rep.”
Phishing attacks can be prevented by following ways:
• Scrutinize the emails received.
• Make use of an anti-phishing toolbar.
• Update your passwords regularly.
3. Man-in-the-middle attacks
In this attack, an attacker comes in between a client and host. The attacker hijacks the session and then steal and manipulate data. It is also known as eavesdropping attack. Eavesdropping can be active or passive. With active eavesdropping, the hacker inserts software within the network traffic path to collect information. Passive eavesdropping attacks are attacks in which hacker eavesdrops on the transmissions, looking for useful data they can steal. It is called a man in the middle attack because the attacker is in the “middle of client and host.
MITM attacks can be prevented by following steps:
• Be mindful of the security of the website while using.
• Use encryption on devices.
• Refrain from using public Wi-Fi networks.
4. Distributed Denial of Service (DDoS)
A denial-of-service (DoS) attack is overwhelmed with the resources of a system. Sometimes it becomes difficult to reply to legitimate service requests. It is initiated by malware-infected host machines. It is referred as “denial of service” because the victim is unable to provide service to those who want to access it.
Prevention of DDoS attack:
• Run traffic analysis to identify traffic
• Understand the warning signs
• Formulate an incident response plan
• Have a checklist
• Outsource DDoS prevention to cloud-based service providers.
5. SQL injection attacks
It occurs when hacker inserts malicious code into a server. It uses SQL and forces the server to reveal information. The server that holds the database runs the command and the system is penetrated. SQL injection is a method of taking advantage of websites that depend on databases. Clients get information from servers. An attacker carry out a SQL injection simply by submitting malicious code into a vulnerable website search box.
To prevent a SQL injection attack:
• Use an Intrusion detection system
• Check validation of user-supplied data.
6. DNS tunneling
DNS tunneling is a type of cyber attack that hackers use to bypass traditional security systems to gain access to systems and networks. It utilizes the DNS protocol to communicate traffic over port. It sends HTTP protocol traffic over DNS. It is used to disguise outbound traffic as DNS concealing data that is shared through an internet connection.
DNS requests are manipulated from a compromised system to the attacker’s infrastructure. It is used for command and control callbacks from the attacker’s infrastructure to a compromised system. Once the program is inside, it latches onto the target server and give access to the hackers.
7. Zero-day exploits and attacks
Zero-day exploits attacks are vulnerabilities that exist in a software or network. It happens after the announcement of a network vulnerability. There is no solution for the vulnerability. Hence the vendor notifies about the vulnerability to the users. Depending on the vulnerability, the vendor take some amount of time to fix the issue. Meanwhile, the attackers target the disclosed vulnerability. They make sure to exploit the vulnerability even before a solution is implemented for it.
Zero-day exploits can be prevented by:
• Well-communicated patch management processes.
• Use management solutions to automate the procedures.
• Have an incident response plan to deal with a cyberattack.
• Keep a strategy focussing on zero-day attacks.
8. Password attack
It is a form of attack wherein a hacker cracks password with various programs and password cracking tools. There are few different password-based cyber attacks need to be aware of:
Password spraying:
Password spraying is a attack in which hacker cracks the password and uses the same password across many accounts.
Brute force:
Brute force is a attack in which attacker tries to guess the login credentials of someone to get access to the target system.
Social engineering:
Social engineering attacks occur when hackers use psychology trick to know the password.
Dictionary Attack
In dictionary attack hacker uses a list of common passphrases to gain access to the target's computer. Hackers purchase cracked passwords on the Dark Web. Some attacks rely solely on common words and phrases.
Below are the few ways to prevent password attacks:
• Use strong passwords with special characters.
• Avoid using the same password for multiple accounts.
• Update passwords frequently
9. Drive-by download attacks
In this attack hacker embeds malicious code into insecure website. When user visits the site, the script is automatically executed on their computer. It comes from the fact that the victim only has to drive by the site by visiting it to get infected. In this attack there is no need to click on anything or enter any information.
10. Cross-site scripting attacks
In cross-site scripting attack the attacker transmits malicious scripts using clickable content. When the user clicks on the content the script is executed. It allows hackers to gain unauthorized access to an application or website.
Μου αρέσει